Release: 1.2.4

Environment

RS/6000 - AIX 5.2

Description

In secmem.c there is a section to set "err=EPERM" instead of trying plock. Author indicates that ulimit change needs to be done. Althought the docs indicate this, if the sysadmin controls the stack segment properly through /etc/security/limits the rss size will be 32MB if stack is set to 65536 (the default).

This should not be a problem for gpg. larger values of "stack" will top out at the default segment size of 256MB unless altered at link time with -bmaxdata.

Fix

I understand the original author may have had cause for not implementing this, but I do not see a problem with performing the plock and guarantee the secure memory.

Remove special case for AIX and plock in the secmem.c file.
do:
err=plock(p,n);
if (err && errno)

err = errno;

gpg will need to be suid-root for ordinary users to plock the range. This too should not be a problem since suid is dropped after lock is applied.

Release Note

It took me several hours of transatlantic phone calls with IBM programmers to track down the problem on a life installation.

If the admin is not smart enough to read the manuals you will get very strange results and hangs. Thus it is better to play safe and not to try plock as we did before.